[IPsec] new version of IKEv3

"Dan Harkins" <dharkins@lounge.org> Fri, 12 April 2013 22:47 UTC


  I've updated IKEv3 and the new version has been posted (see below).
Major changes are:

  * support for NAT-T (which is different than the way it was done in
     prior versions of IKE, please take a look at it).
  * addressing the MiTM attack Valery Smyslov brought up on the list.
  * allowing more than one IKE SA per peer (which was kind of necessary
     to support NATs).

  I look forward to hearing any comments or issues people have with
this protocol. As usual, if you plan on implementing it and would like
to interoperate I'd love to hear from you.




A new version of I-D, draft-harkins-ikev3-01.txt
has been successfully submitted by Dan Harkins and posted to the
IETF repository.

Filename:	 draft-harkins-ikev3
Revision:	 01
Title:		 The (Real) Internet Key Exchange
Creation date:	 2013-04-12
Group:		 Individual Submission
Number of pages: 43
Status:          http://datatracker.ietf.org/doc/draft-harkins-ikev3
Htmlized:        http://tools.ietf.org/html/draft-harkins-ikev3-01
Diff:            http://www.ietf.org/rfcdiff?url2=draft-harkins-ikev3-01

   The current version (v2) of the Internet Key Exchange failed to
   address many of the shortcomings of the original version (v1).  This
   memo defines a new version (v3) of the Internet Key Exchange that
   attempts to do so.